The governance of cybersecurity, cross-border data flows, privacy, algorithms and law enforcement access to encrypted data all face potential changes in 2018. CIO Journal spoke to Victoria Espinel, CEO of the software industry trade group BSA, about the global data governance agenda, with a focus on Europe and the U.S. “In particular, the EU’s development of its recently proposed Cybersecurity Act will have broad ramifications for industry and will be important to watch,” said Ms. Espinel, previously U.S. Intellectual Property Enforcement Coordinator for the White House under President Obama.

Here’s a look at how BSA views the biggest issues to watch on the data governance agenda for 2018:

Cybersecurity. In September, European Commission President Jean-Claude Juncker proposed a cybersecurity act regulation that would create “a framework of European Cybersecurity Certification Schemes … for Information and Communications Technology products and services,” as the National Law Review reported. The European Parliament and Council will deliberate, the Law Review said. “IoT cybersecurity will be a concern for policymakers around the world. We are aware of policy and/or legislative efforts to address IoT cybersecurity in the US, Japan, the EU, and elsewhere,” Ms. Espinel said.

In the U.S., Sen. Mark Warner (D., Va.) has raised the idea of creating national standards for data breach notifications. Sen. Warner also is a co-sponsor of The Internet of Things Cybersecurity Act of 2017, “which, among other things, aims to establish realistic standards with respect to security in connected devices sold to the federal government,” as Forbes notes.

Cross border data flows. Potential challenges to data flows in 2018 will include the so-called Schrems II case, named for Austrian lawyer and activist Max Schrems. In the first Schrems case, his complaint led to the creation of a new and tougher protocol for transferring data between Europe and the U.S., known as the Privacy Shield. The Schrems II case challenges an alternative framework for transferring data, a set of contractual clauses among companies. BSA is a witness in that case, now before the EU’s Court of Justice. Meanwhile, the Privacy Shield itself faces a legal challenge from advocacy group La Quadrature du Net.

The General Data Protection Rule takes effect in Europe in May, but will have implications for companies around the world. Companies that do business in Europe face fines of up to 4 percent of global sales for violations. This will matter to many industries, including financial services, health care, advertising and analytics, Justin Antonipillai, founder and chief executive of WireWheel and previously acting undersecretary at the Department of Commerce, told WSJ Pro Cybersecurity’s Jeff Stone. “The reason this is going to hit so many isn’t just that the fines are so massive. It is that there are thousands of companies that have no idea that you’re actually covered by this law,” Mr. Antonipillai said. “Under old European law, if you kept the data in Europe it was covered under European law, and if you kept it in the U.S., you were under U.S. law. Now, it is if you offer a service in Europe, which could be as little as offering your app in an EU app store. So there are going to be companies located in Silicon Valley, and they’re directly covered by this.”

Public access to algorithms. Looking down the road, BSA expects governments to press companies to make algorithms that they use available to the public. Companies are under pressure to develop “explainable” AI in which the decision-making process is more transparent and a company can be held accountable for what its AI and algorithms do, as CIO Journal has reported.

“The rise of A.I. pricing poses a challenge to antitrust law. Authorities in the EU and U.S. haven’t opened probes or accused retailers of impropriety for using A.I. to set prices. Antitrust experts say it could be difficult to prove illegal intent as is often required in collusion cases; so far, algorithmic-pricing prosecutions have involved allegations of humans explicitly designing machines to manipulate markets,” the Journal’s Sam Schechner reported in May. “Officials say they are looking at whether they need new rules. The Organization for Economic Cooperation and Development said it plans to discuss in June at a round table how such software could make collusion easier ‘without any formal agreement or human interaction.’ ”

The level of public anxiety about the power of social media has opened renewed debate about the need to regulate giant tech companies such as Facebook Inc. The social media giant has been more open about confronting the potential for manipulating the platform with so-called Fake News and spam, but also faces more fundamental concerns about the possibly addictive nature of the medium itself. “It has been a rough time for tech titans on Capitol Hill, with investigations into the use of social media to meddle in elections just one example,” David Marino-Nachison writes in Barron’s. “That ... raises worries about regulation, even as companies like Facebook seek to avoid it with their own reforms.”
